VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

LangGraph: vulnerability chain led to RCE — update self‑hosted

LangGraph: цепочка уязвимостей вела к RCE — обновите self‑hosted

Colleagues — an important security alert: a chain of vulnerabilities in LangGraph enables remote code execution.

- Check Point and Yarden Porat found three flaws: SQLite SQLi (CVE‑2025‑67644), unsafe msgpack deserialization (CVE‑2026‑28277) and RediSearch injection (CVE‑2026‑27022). Patches are available.
- Attack flow: SQLi injects a fake checkpoint with a malicious BLOB; deserialization via get_state_history() triggers the payload.
- Recommendations: apply patches, enable authentication, segment networks, remove hardcoded secrets and restrict agent privileges.

Why it matters: common vulnerabilities in agent frameworks can expose secrets and allow RCE.

What will you do with your self‑hosted agents?

#cybersecurity #AI #LangChain #infosec

Latest comments

No comments yet.